OpenSSL-1.0.0a on AIX v5.3

Well once again I find myself scrambling to get something done that was known but not well communicated during the project life-cycle.  So I need to update all managed AIX machines running v5.3 to include OpenSSL (openssl-1.0.0a to be exact) and once again my disdain for AIX rears it ugly head, which is represented by the Zombie to the left 🙂  Aside from my personal dislike of the Korn shell… Maybe I am not being fair to AIX as I don’t really work in an AIX optimal environment, taking full advantage of all of the great tools they do have (NIM, clustering, SAN, etc…).  But managing them as 1-off’s just plain stinks.  Suffice it to say that I would NOT recommend deploying a stand-alone AIX server in any circumstance as you cannot realize anything near it’s full potential.  Anyway, here is what I did to rectify the issue at hand.

# Install SSL on AIX 5.3.0.0
# get the rpm.rte package on the system
mkdir /opt/ssl4AIX
cd /opt/ssl4AIX
installp -qacXgd rpm.rte rpm.rte
# Grab the other packages and put them on the AIX system
# http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html
rpm -ivh gcc-4.2.0-3.aix5.3.ppc.rpm
rpm -ivh libgcc-4.2.0-3.aix5.3.ppc.rpm
# Create a sym link – Check this first following RPM installs for correct PATHS
# find / -name libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/ppc64/libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/pthread/ppc64/libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/pthread/libgcc_s.a
# /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/libgcc_s.a
# Now make the link
ln -s /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/libgcc_s.a /usr/lib/libgcc_s.a
#
gunzip openssl-1.0.0a.tar.gz
tar -xf openssl-1.0.0a.tar
cd openssl-1.0.0a
./Configure shared –prefix=/usr aix-gcc
make
make test
# If all goes well !!!
make install

Incidentally, you need an IBM account if you want to download these packages from http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html… LOL

That stinks as well 😦

iSCSI SAN for CentOS 5.4

Well I guess I could have used OpenFiler for this… BUT here are a few steps to creating your own SAN-type-thing on CentOS 5.4…

#!/bin/bash
# iSCSI SAN for CentOS5.4
cd /usr/src
# Get the iscsi package
wget http://sourceforge.net/projects/iscsitarget/files/iscsitarget/1.4.20/iscsitarget-1.4.20.tar.gz/download
yum -y install kernel-devel openssl-devel gcc rpm-build make automake autoconf # you may already have these, this was a newer build for me so I didn’t…
tar -xzvf iscsitarget-1.4.20.tar.gz
cd iscsitarget-1.4.20
make
make install

# Name the disk
echo “Ok, I am going to name the disk for you”
echo “iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead” # awk only needed if u use FQDN’s
echo “BUT… you need to tell me what disk to use…”
df -h
echo “Type in the full path to your disk, i.e.(/dev/<md3>)”
read dname
touch /etc/initiators.allow
idname=”`echo iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead:$dname`”
echo “$idname 192.168.11.0/24” >> /etc/initiators.allow
touch /etc/initiators.deny
echo “ALL:ALL” >> /etc/initiators.deny
touch /etc/ietd.conf
echo “Target iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead:$dname” >> /etc/ietd.conf
echo ”        IncomingUser <uname>    <passwd>” >> /etc/ietd.conf
echo ”        OutgoingUser <uname>    <passwd>” >> /etc/ietd.conf
echo ”        Lun 0 Path=/dev/SAN/diskname,Type=fileio,IOMode=wb” >> /etc/ietd.conf
echo ”        Alias iSCSI for diskname” >> /etc/ietd.conf
echo ”        ImmediateData Yes” >> /etc/ietd.conf
echo ”        MaxConnections 1″ >> /etc/ietd.conf
echo ”        InitialR2T Yes” >> /etc/ietd.conf
yum -y install iscsi-initiator-utils open-iscsi
echo “InitiatorName=iqn.2010-04.factslx01-sanhead:factslx01” >> /etc/iscsi/initiatorname.iscsi
# /etc/iscsi/iscsid.conf
mv /etc/iscsi/iscsid.conf /etc/iscsi/iscsid.conf.bak
touch /etc/iscsi/iscsid.conf
chmod 600 /etc/iscsi/iscsid.conf
echo “# Default Settings” /etc/iscsi/iscsid.conf
echo “# Default Settings” /etc/iscsi/iscsid.conf
echo “#node.startup = automatic” /etc/iscsi/iscsid.conf
echo “#node.session.timeo.replacement_timeout = 120” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.login_timeout = 15” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.logout_timeout = 15” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.noop_out_interval = 5” /etc/iscsi/iscsid.conf
echo “#node.conn[0].timeo.noop_out_timeout = 5” /etc/iscsi/iscsid.conf
echo “#node.session.err_timeo.abort_timeout = 15” /etc/iscsi/iscsid.conf
echo “#node.session.err_timeo.lu_reset_timeout = 20” /etc/iscsi/iscsid.conf
echo “#node.session.initial_login_retry_max = 8” /etc/iscsi/iscsid.conf
echo “#node.session.cmds_max = 128” /etc/iscsi/iscsid.conf
echo “#node.session.queue_depth = 32” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.InitialR2T = No” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.ImmediateData = Yes” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.FirstBurstLength = 262144” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.MaxBurstLength = 16776192” /etc/iscsi/iscsid.conf
echo “#node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144” /etc/iscsi/iscsid.conf
echo “#discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768” /etc/iscsi/iscsid.conf
echo “#node.conn[0].iscsi.HeaderDigest = None” /etc/iscsi/iscsid.conf
echo “#node.session.iscsi.FastAbort = Yes” /etc/iscsi/iscsid.conf
echo “#” /etc/iscsi/iscsid.conf
echo “# Custom Settings” /etc/iscsi/iscsid.conf
echo “node.startup = automatic” /etc/iscsi/iscsid.conf
echo “node.session.auth.authmethod = CHAP” /etc/iscsi/iscsid.conf
echo “node.session.auth.username = <uname>” /etc/iscsi/iscsid.conf
echo “node.session.auth.password = <passwd>” /etc/iscsi/iscsid.conf
echo “node.session.auth.username_in = <uname>” /etc/iscsi/iscsid.conf
echo “node.session.auth.password_in = <passwd>” /etc/iscsi/iscsid.conf
echo “node.session.timeo.replacement_timeout = 120” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.login_timeout = 15” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.logout_timeout = 15” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.noop_out_interval = 10” /etc/iscsi/iscsid.conf
echo “node.conn[0].timeo.noop_out_timeout = 15” /etc/iscsi/iscsid.conf
echo “node.session.initial_login_retry_max = 10” /etc/iscsi/iscsid.conf
echo “node.session.cmds_max = 128” /etc/iscsi/iscsid.conf
echo “node.session.queue_depth = 32” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.InitialR2T = No” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.ImmediateData = Yes” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.FirstBurstLength = 262144” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.MaxBurstLength = 16776192” /etc/iscsi/iscsid.conf
echo “node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072” /etc/iscsi/iscsid.conf
echo “discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768” /etc/iscsi/iscsid.conf
echo “node.session.iscsi.FastAbort = No” /etc/iscsi/iscsid.conf
echo “# EOF” /etc/iscsi/iscsid.conf
service iscsi start
i=”`ifconfig |grep -v 127.0.0.1|grep “inet addr:” |awk -F “:” ‘{print $2}’|cut -c 1-14`”
iscsiadm -m discovery -t st -p $i # IP for iSCSI host
iscsiadm -m node -p $i -T iqn.`date -I`.`hostname |awk -F “.” ‘{print $1’}`-sanhead:$dname –login

So there it is !!! Now go use OpenFiler… LOL -> http://www.openfiler.com/

Teaser

Ya this is exactly that, a teaser. I am going, well have already started to work on a custom linux distro guide based on CentOS 5.4 with a focus on gateway/web settings.  I will not waste your time with non-working attempts on this one so it may be a bit before I actually have something that will install and do exactly what I am stating here without issues.  I will post items of interest throughout the process however as they present themselves.  Stay tuned.